diff options
author | Cronet Mainline Eng <cronet-mainline-eng+copybara@google.com> | 2024-05-28 13:59:50 +0900 |
---|---|---|
committer | Motomu Utsumi <motomuman@google.com> | 2024-05-28 14:11:54 +0900 |
commit | 168f7e285114554eb2ac9bc22343cca461355b50 (patch) | |
tree | c65ccc97fb3dc01e329951c1c7c7901aef7b7a2a /net/socket/transport_client_socket_pool_unittest.cc | |
parent | 5cfdd35118d5a23349255971e97737e32895ec0f (diff) | |
download | cronet-168f7e285114554eb2ac9bc22343cca461355b50.tar.gz |
Import Cronet version 122.0.6261.43
FolderOrigin-RevId: /tmp/copybara-origin/src
Change-Id: Ifb7b548cde690e10cc102366bc538e744efa902b
Diffstat (limited to 'net/socket/transport_client_socket_pool_unittest.cc')
-rw-r--r-- | net/socket/transport_client_socket_pool_unittest.cc | 232 |
1 files changed, 112 insertions, 120 deletions
diff --git a/net/socket/transport_client_socket_pool_unittest.cc b/net/socket/transport_client_socket_pool_unittest.cc index 63bc6b999..384695493 100644 --- a/net/socket/transport_client_socket_pool_unittest.cc +++ b/net/socket/transport_client_socket_pool_unittest.cc @@ -23,13 +23,13 @@ #include "net/base/load_timing_info.h" #include "net/base/load_timing_info_test_util.h" #include "net/base/net_errors.h" +#include "net/base/network_anonymization_key.h" #include "net/base/privacy_mode.h" #include "net/base/proxy_chain.h" #include "net/base/proxy_server.h" #include "net/base/proxy_string_util.h" #include "net/base/schemeful_site.h" #include "net/base/test_completion_callback.h" -#include "net/cert/ct_policy_enforcer.h" #include "net/cert/mock_cert_verifier.h" #include "net/dns/mock_host_resolver.h" #include "net/dns/public/secure_dns_policy.h" @@ -118,7 +118,8 @@ class TransportClientSocketPoolTest : public ::testing::Test, group_id_(url::SchemeHostPort(url::kHttpScheme, "www.google.com", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow), + SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false), params_(ClientSocketPool::SocketParams::CreateForHttpForTesting()), client_socket_factory_(NetLog::Get()) { std::unique_ptr<MockCertVerifier> cert_verifier = @@ -167,7 +168,7 @@ class TransportClientSocketPoolTest : public ::testing::Test, ClientSocketPool::GroupId group_id( url::SchemeHostPort(url::kHttpScheme, host_name, 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); return test_base_.StartRequestUsingPool( pool_.get(), group_id, priority, ClientSocketPool::RespectLimits::ENABLED, @@ -270,7 +271,7 @@ TEST_F(TransportClientSocketPoolTest, SetSecureDnsPolicy) { ClientSocketPool::GroupId group_id( url::SchemeHostPort(url::kHttpScheme, "www.google.com", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - secure_dns_policy); + secure_dns_policy, /*disable_cert_network_fetches=*/false); EXPECT_EQ( ERR_IO_PENDING, handle.Init(group_id, params_, absl::nullopt /* proxy_annotation_tag */, @@ -1063,7 +1064,7 @@ TEST(TransportClientSocketPoolStandaloneTest, DontCleanupOnIPAddressChange) { const ClientSocketPool::GroupId group_id( url::SchemeHostPort(url::kHttpScheme, "www.google.com", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); TestCompletionCallback callback; ClientSocketHandle handle; int rv = @@ -1105,15 +1106,15 @@ TEST_F(TransportClientSocketPoolTest, SSLCertError) { scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - std::move(ssl_config_for_origin), - /*base_ssl_config_for_proxies=*/nullptr); + std::move(ssl_config_for_origin)); ClientSocketHandle handle; TestCompletionCallback callback; int rv = handle.Init(ClientSocketPool::GroupId( kEndpoint, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow), + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false), socket_params, absl::nullopt /* proxy_annotation_tag */, MEDIUM, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -1203,7 +1204,7 @@ TEST_P(TransportClientSocketPoolSSLConfigChangeTest, GracefulConfigChange) { ClientSocketPool::GroupId group_id2( url::SchemeHostPort(url::kHttpScheme, "bar.example.com", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); TestCompletionCallback callback; int rv = handle2.Init(group_id2, params_, /*proxy_annotation_tag=*/absl::nullopt, @@ -1228,7 +1229,7 @@ TEST_P(TransportClientSocketPoolSSLConfigChangeTest, GracefulConfigChange) { ClientSocketPool::GroupId group_id3( url::SchemeHostPort(url::kHttpScheme, "foo.example.com", 80), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); TestCompletionCallback callback3; ClientSocketHandle handle3; int rv = @@ -1515,8 +1516,7 @@ TEST_F(TransportClientSocketPoolTest, SOCKS) { for (IoMode socket_io_mode : {SYNCHRONOUS, ASYNC}) { scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr); + /*ssl_config_for_origin=*/nullptr); SOCKS5MockData data(socket_io_mode); data.data_provider()->set_connect_data(MockConnect(socket_io_mode, OK)); @@ -1526,7 +1526,8 @@ TEST_F(TransportClientSocketPoolTest, SOCKS) { int rv = handle.Init( ClientSocketPool::GroupId( kDestination, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow), + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false), socket_params, TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), ClientSocketPool::ProxyAuthCallback(), &proxy_pool, NetLogWithSource()); @@ -1589,12 +1590,11 @@ TEST_F(TransportClientSocketPoolTest, SpdyOneConnectJobTwoRequestsError) { scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/std::make_unique<SSLConfig>(), - /*base_ssl_config_for_proxies=*/std::make_unique<SSLConfig>()); + /*ssl_config_for_origin=*/std::make_unique<SSLConfig>()); ClientSocketPool::GroupId group_id( kEndpoint, PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); // Start the first connection attempt. TestCompletionCallback callback1; @@ -1694,12 +1694,11 @@ TEST_F(TransportClientSocketPoolTest, SpdyAuthOneConnectJobTwoRequests) { scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/std::make_unique<SSLConfig>(), - /*base_ssl_config_for_proxies=*/std::make_unique<SSLConfig>()); + /*ssl_config_for_origin=*/std::make_unique<SSLConfig>()); ClientSocketPool::GroupId group_id( kEndpoint, PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); // Start the first connection attempt. TestCompletionCallback callback1; @@ -1790,13 +1789,13 @@ TEST_F(TransportClientSocketPoolTest, HttpTunnelSetupRedirect) { scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/std::make_unique<SSLConfig>(), - /*base_ssl_config_for_proxies=*/std::make_unique<SSLConfig>()); + /*ssl_config_for_origin=*/std::make_unique<SSLConfig>()); int rv = handle.Init( ClientSocketPool::GroupId( kEndpoint, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow), + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false), socket_params, TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), ClientSocketPool::ProxyAuthCallback(), &proxy_pool, @@ -1829,14 +1828,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKey) { TransportClientSocketPool::GroupId group_id( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle; TestCompletionCallback callback; EXPECT_THAT( handle.Init(group_id, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), ClientSocketPool::ProxyAuthCallback(), pool_.get(), @@ -1849,7 +1847,7 @@ TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKey) { session_deps_.host_resolver->request_network_anonymization_key(1)); } -TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySsl) { +TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKeySsl) { const SchemefulSite kSite(GURL("https://foo.test/")); const auto kNetworkAnonymizationKey = NetworkAnonymizationKey::CreateSameSite(kSite); @@ -1868,7 +1866,7 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySsl) { TransportClientSocketPool::GroupId group_id( url::SchemeHostPort(url::kHttpsScheme, kHost, 443), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); auto ssl_config_for_origin = std::make_unique<SSLConfig>(); ssl_config_for_origin->alpn_protos = {kProtoHTTP2, kProtoHTTP11}; ClientSocketHandle handle; @@ -1876,8 +1874,7 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySsl) { EXPECT_THAT( handle.Init(group_id, base::MakeRefCounted<ClientSocketPool::SocketParams>( - std::move(ssl_config_for_origin), - /*base_ssl_config_for_proxies=*/nullptr), + std::move(ssl_config_for_origin)), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), ClientSocketPool::ProxyAuthCallback(), pool_.get(), @@ -1892,8 +1889,8 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySsl) { // Test that, in the case of an HTTP proxy, the same transient // NetworkAnonymizationKey is reused for resolving the proxy's host, regardless -// of input NIK. -TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpProxy) { +// of input NAK. +TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKeyHttpProxy) { const SchemefulSite kSite1(GURL("https://foo.test/")); const auto kNetworkAnonymizationKey1 = NetworkAnonymizationKey::CreateSameSite(kSite1); @@ -1921,14 +1918,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpProxy) { TransportClientSocketPool::GroupId group_id1( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey1, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle1; TestCompletionCallback callback1; EXPECT_THAT( handle1.Init(group_id1, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback1.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -1938,14 +1934,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpProxy) { TransportClientSocketPool::GroupId group_id2( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey2, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle2; TestCompletionCallback callback2; EXPECT_THAT( handle2.Init(group_id2, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback1.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -1953,10 +1948,12 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpProxy) { IsError(ERR_IO_PENDING)); ASSERT_EQ(2u, session_deps_.host_resolver->last_id()); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(1)); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(2)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(1)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(2)); EXPECT_TRUE(session_deps_.host_resolver->request_network_anonymization_key(1) .IsTransient()); EXPECT_EQ(session_deps_.host_resolver->request_network_anonymization_key(1), @@ -1965,8 +1962,8 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpProxy) { // Test that, in the case of an HTTPS proxy, the same transient // NetworkAnonymizationKey is reused for resolving the proxy's host, regardless -// of input NIK. -TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpsProxy) { +// of input NAK. +TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKeyHttpsProxy) { const SchemefulSite kSite1(GURL("https://foo.test/")); const auto kNetworkAnonymizationKey1 = NetworkAnonymizationKey::CreateSameSite(kSite1); @@ -1994,44 +1991,42 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpsProxy) { TransportClientSocketPool::GroupId group_id1( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey1, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle1; TestCompletionCallback callback1; EXPECT_THAT( - handle1.Init( - group_id1, - base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/std::make_unique<SSLConfig>()), - TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), - ClientSocketPool::RespectLimits::ENABLED, callback1.callback(), - ClientSocketPool::ProxyAuthCallback(), &proxy_pool, - NetLogWithSource()), + handle1.Init(group_id1, + base::MakeRefCounted<ClientSocketPool::SocketParams>( + /*ssl_config_for_origin=*/nullptr), + TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), + ClientSocketPool::RespectLimits::ENABLED, + callback1.callback(), ClientSocketPool::ProxyAuthCallback(), + &proxy_pool, NetLogWithSource()), IsError(ERR_IO_PENDING)); TransportClientSocketPool::GroupId group_id2( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey2, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle2; TestCompletionCallback callback2; EXPECT_THAT( - handle2.Init( - group_id2, - base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/std::make_unique<SSLConfig>()), - TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), - ClientSocketPool::RespectLimits::ENABLED, callback2.callback(), - ClientSocketPool::ProxyAuthCallback(), &proxy_pool, - NetLogWithSource()), + handle2.Init(group_id2, + base::MakeRefCounted<ClientSocketPool::SocketParams>( + /*ssl_config_for_origin=*/nullptr), + TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), + ClientSocketPool::RespectLimits::ENABLED, + callback2.callback(), ClientSocketPool::ProxyAuthCallback(), + &proxy_pool, NetLogWithSource()), IsError(ERR_IO_PENDING)); ASSERT_EQ(2u, session_deps_.host_resolver->last_id()); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(1)); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(2)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(1)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(2)); EXPECT_TRUE(session_deps_.host_resolver->request_network_anonymization_key(1) .IsTransient()); EXPECT_EQ(session_deps_.host_resolver->request_network_anonymization_key(1), @@ -2041,8 +2036,8 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeyHttpsProxy) { // Test that, in the case of a SOCKS5 proxy, the passed in // NetworkAnonymizationKey is used for the destination DNS lookup, and the same // transient NetworkAnonymizationKey is reused for resolving the proxy's host, -// regardless of input NIK. -TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks4Proxy) { +// regardless of input NAK. +TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKeySocks4Proxy) { const SchemefulSite kSite1(GURL("https://foo.test/")); const auto kNetworkAnonymizationKey1 = NetworkAnonymizationKey::CreateSameSite(kSite1); @@ -2079,14 +2074,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks4Proxy) { TransportClientSocketPool::GroupId group_id1( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey1, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle1; TestCompletionCallback callback1; EXPECT_THAT( handle1.Init(group_id1, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback1.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -2096,14 +2090,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks4Proxy) { TransportClientSocketPool::GroupId group_id2( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey2, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle2; TestCompletionCallback callback2; EXPECT_THAT( handle2.Init(group_id2, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback2.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -2111,19 +2104,21 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks4Proxy) { IsError(ERR_IO_PENDING)); // First two lookups are for the proxy's hostname, and should use the same - // transient NIK. + // transient NAK. ASSERT_EQ(2u, session_deps_.host_resolver->last_id()); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(1)); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(2)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(1)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(2)); EXPECT_TRUE(session_deps_.host_resolver->request_network_anonymization_key(1) .IsTransient()); EXPECT_EQ(session_deps_.host_resolver->request_network_anonymization_key(1), session_deps_.host_resolver->request_network_anonymization_key(2)); // First two lookups completes, starting the next two, which should be for the - // destination's hostname, and should use the passed in NIKs. + // destination's hostname, and should use the passed in NAKs. session_deps_.host_resolver->ResolveNow(1); session_deps_.host_resolver->ResolveNow(2); ASSERT_EQ(4u, session_deps_.host_resolver->last_id()); @@ -2137,8 +2132,8 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks4Proxy) { // Test that, in the case of a SOCKS5 proxy, the same transient // NetworkAnonymizationKey is reused for resolving the proxy's host, regardless -// of input NIK. -TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks5Proxy) { +// of input NAK. +TEST_F(TransportClientSocketPoolTest, NetworkAnonymizationKeySocks5Proxy) { const SchemefulSite kSite1(GURL("https://foo.test/")); const auto kNetworkAnonymizationKey1 = NetworkAnonymizationKey::CreateSameSite(kSite1); @@ -2166,14 +2161,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks5Proxy) { TransportClientSocketPool::GroupId group_id1( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey1, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle1; TestCompletionCallback callback1; EXPECT_THAT( handle1.Init(group_id1, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback1.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -2183,14 +2177,13 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks5Proxy) { TransportClientSocketPool::GroupId group_id2( url::SchemeHostPort(url::kHttpScheme, kHost, 80), PrivacyMode::PRIVACY_MODE_DISABLED, kNetworkAnonymizationKey2, - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketHandle handle2; TestCompletionCallback callback2; EXPECT_THAT( handle2.Init(group_id2, base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr), + /*ssl_config_for_origin=*/nullptr), TRAFFIC_ANNOTATION_FOR_TESTS, LOW, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback2.callback(), ClientSocketPool::ProxyAuthCallback(), @@ -2198,10 +2191,12 @@ TEST_F(TransportClientSocketPoolTest, NetworkIsolationKeySocks5Proxy) { IsError(ERR_IO_PENDING)); ASSERT_EQ(2u, session_deps_.host_resolver->last_id()); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(1)); - EXPECT_EQ(kProxyChain.proxy_server().host_port_pair().host(), - session_deps_.host_resolver->request_host(2)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(1)); + EXPECT_EQ( + kProxyChain.GetProxyServer(/*server_index=*/0).host_port_pair().host(), + session_deps_.host_resolver->request_host(2)); EXPECT_TRUE(session_deps_.host_resolver->request_network_anonymization_key(1) .IsTransient()); EXPECT_EQ(session_deps_.host_resolver->request_network_anonymization_key(1), @@ -2215,10 +2210,10 @@ TEST_F(TransportClientSocketPoolTest, HasActiveSocket) { ClientSocketHandle handle; ClientSocketPool::GroupId group_id1( kEndpoint1, PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); ClientSocketPool::GroupId group_id2( kEndpoint2, PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); // HasActiveSocket() must return false before creating a socket. EXPECT_FALSE(pool_->HasActiveSocket(group_id1)); @@ -2300,7 +2295,7 @@ TEST_F(TransportClientSocketPoolTest, Tag) { const ClientSocketPool::GroupId kGroupId( url::SchemeHostPort(test_server.base_url()), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); scoped_refptr<ClientSocketPool::SocketParams> params = ClientSocketPool::SocketParams::CreateForHttpForTesting(); TestCompletionCallback callback; @@ -2426,11 +2421,11 @@ TEST_F(TransportClientSocketPoolTest, TagSOCKSProxy) { const url::SchemeHostPort kDestination(url::kHttpScheme, "host", 80); const ClientSocketPool::GroupId kGroupId( kDestination, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow); + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false); scoped_refptr<ClientSocketPool::SocketParams> socks_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr); + /*ssl_config_for_origin=*/nullptr); // Test socket is tagged when created synchronously. SOCKS5MockData data_sync(SYNCHRONOUS); @@ -2520,14 +2515,13 @@ TEST_F(TransportClientSocketPoolTest, TagSSLDirect) { const ClientSocketPool::GroupId kGroupId( url::SchemeHostPort(test_server.base_url()), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); auto ssl_config_for_origin = std::make_unique<SSLConfig>(); ssl_config_for_origin->alpn_protos = {kProtoHTTP2, kProtoHTTP11}; scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - std::move(ssl_config_for_origin), - /*base_ssl_config_for_proxies=*/nullptr); + std::move(ssl_config_for_origin)); // Test socket is tagged before connected. uint64_t old_traffic = GetTaggedBytes(tag_val1); @@ -2593,13 +2587,12 @@ TEST_F(TransportClientSocketPoolTest, TagSSLDirectTwoSockets) { const ClientSocketPool::GroupId kGroupId( url::SchemeHostPort(test_server.base_url()), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); auto ssl_config_for_origin = std::make_unique<SSLConfig>(); ssl_config_for_origin->alpn_protos = {kProtoHTTP2, kProtoHTTP11}; scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - std::move(ssl_config_for_origin), - /*base_ssl_config_for_proxies=*/nullptr); + std::move(ssl_config_for_origin)); // Test connect jobs that are orphaned and then adopted, appropriately apply // new tag. Request socket with |tag1|. @@ -2659,13 +2652,12 @@ TEST_F(TransportClientSocketPoolTest, TagSSLDirectTwoSocketsFullPool) { const ClientSocketPool::GroupId kGroupId( url::SchemeHostPort(test_server.base_url()), PrivacyMode::PRIVACY_MODE_DISABLED, NetworkAnonymizationKey(), - SecureDnsPolicy::kAllow); + SecureDnsPolicy::kAllow, /*disable_cert_network_fetches=*/false); auto ssl_config_for_origin = std::make_unique<SSLConfig>(); ssl_config_for_origin->alpn_protos = {kProtoHTTP2, kProtoHTTP11}; scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - std::move(ssl_config_for_origin), - /*base_ssl_config_for_proxies=*/nullptr); + std::move(ssl_config_for_origin)); // Test that sockets paused by a full underlying socket pool are properly // connected and tagged when underlying pool is freed up. @@ -2741,11 +2733,11 @@ TEST_F(TransportClientSocketPoolTest, TagHttpProxyNoTunnel) { 80); const ClientSocketPool::GroupId kGroupId( kDestination, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow); + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false); scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr); + /*ssl_config_for_origin=*/nullptr); // Verify requested socket is tagged properly. ClientSocketHandle handle; @@ -2814,14 +2806,14 @@ TEST_F(TransportClientSocketPoolTest, TagHttpProxyTunnel) { 443); const ClientSocketPool::GroupId kGroupId( kDestination, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow); + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false); auto ssl_config_for_origin = std::make_unique<SSLConfig>(); ssl_config_for_origin->alpn_protos = {kProtoHTTP2, kProtoHTTP11}; scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - std::move(ssl_config_for_origin), - /*base_ssl_config_for_proxies=*/nullptr); + std::move(ssl_config_for_origin)); // Verify requested socket is tagged properly. ClientSocketHandle handle; @@ -2932,15 +2924,15 @@ TEST_F(TransportClientSocketPoolMockNowSourceTest, IdleUnusedSocketTimeout) { // Create 1 socket. scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr); + /*ssl_config_for_origin=*/nullptr); session_deps.socket_factory->AddSocketDataProvider(&provider_socket_1); ClientSocketHandle connection; TestCompletionCallback callback; int rv = connection.Init( ClientSocketPool::GroupId( kSchemeHostPort1, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow), + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false), ClientSocketPool::SocketParams::CreateForHttpForTesting(), /*proxy_annotation_tag=*/absl::nullopt, MEDIUM, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), @@ -2977,8 +2969,7 @@ TEST_F(TransportClientSocketPoolMockNowSourceTest, IdleUnusedSocketTimeout) { // Request a new socket to trigger cleanup of idle timedout sockets. scoped_refptr<ClientSocketPool::SocketParams> socket_params = base::MakeRefCounted<ClientSocketPool::SocketParams>( - /*ssl_config_for_origin=*/nullptr, - /*base_ssl_config_for_proxies=*/nullptr); + /*ssl_config_for_origin=*/nullptr); SequencedSocketData provider_socket_2(MockConnect(ASYNC, OK), base::span<MockRead>(), base::span<MockWrite>()); @@ -2988,7 +2979,8 @@ TEST_F(TransportClientSocketPoolMockNowSourceTest, IdleUnusedSocketTimeout) { int rv = connection.Init( ClientSocketPool::GroupId( kSchemeHostPort2, PrivacyMode::PRIVACY_MODE_DISABLED, - NetworkAnonymizationKey(), SecureDnsPolicy::kAllow), + NetworkAnonymizationKey(), SecureDnsPolicy::kAllow, + /*disable_cert_network_fetches=*/false), socket_params, /*proxy_annotation_tag=*/absl::nullopt, MEDIUM, SocketTag(), ClientSocketPool::RespectLimits::ENABLED, callback.callback(), ClientSocketPool::ProxyAuthCallback(), |